#!/usr/bin/bash
#
# Author: Dmitry Razumov <asmeron@ublinux.com>
# Copyright (c) 2021-2025 UBLinux <support@ublinux.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Initial script for Linux UBLinux
# This script are launching before starting init from initrd script
# Current dir allways must be set to root (/)
# All system path must be relative, except initrd dirs

ENABLED=yes
[[ ${ENABLED} == "yes" ]] || { return 0 2>/dev/null && return 0 || exit 0; }
DEBUGMODE=no

PATH=.:/:/usr/bin:/usr/local/bin:/usr/local/sbin

[[ ! -f /init ]] && { ROOTFS= ; CMD_CHROOT= ; } || { [[ -d /sysroot ]] && ROOTFS="/sysroot" || ROOTFS="."; CMD_CHROOT="chroot ${ROOTFS}"; }
SOURCE=${ROOTFS}/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
debug_mode "${SSC_ARGV0:-$0}" "$@"
SOURCE=${ROOTFS}/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null

SYSCONF="${ROOTFS}${SYSCONF}"
SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null
SOURCE=${SYSCONF}/security; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null

exec_fstec_hardening_advised(){
    if [[ ${FSTEC_HARDENING_ADVISED,,} == @(enable|on) ]]; then
        ${ROOTFS}/usr/bin/fstec-hardening-advised --quiet --nocolor --test --apply
    elif [[ ${FSTEC_HARDENING_ADVISED,,} =~ ^([[:digit:],]+)$ ]]; then
        ${ROOTFS}/usr/bin/fstec-hardening-advised --quiet --nocolor --test ${BASH_REMATCH[1]} --apply
    elif [[ ${FSTEC_HARDENING_ADVISED,,} == @(disable|none|off) ]]; then
        true
    fi
}

exec_fstec_hardening_a4(){
    if [[ ${FSTEC_HARDENING_A4,,} == @(enable|on) ]]; then
        ${ROOTFS}/usr/bin/fstec-hardening-a4 --quiet --nocolor --test --apply
    elif [[ ${FSTEC_HARDENING_A4,,} =~ ^([[:digit:],]+)$ ]]; then
        ${ROOTFS}/usr/bin/fstec-hardening-a4 --quiet --nocolor --test ${BASH_REMATCH[1]} --apply
    elif [[ ${FSTEC_HARDENING_A4,,} == @(disable|none|off) ]]; then
        true
    fi
}

################
##### MAIN #####
################

    exec_fstec_hardening_advised "$@"
    exec_fstec_hardening_a4 "$@"
